Vulnerability Database
Blog
FAQ
Docs
GO-2023-1708
See a problem?
Source
https://pkg.go.dev/vuln/GO-2023-1708
Import Source
https://vuln.go.dev/ID/GO-2023-1708.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2023-1708
Aliases
BIT-vault-2023-0665
CVE-2023-0665
GHSA-hwc3-3qh6-r4gg
Published
2024-08-20T20:29:19Z
Modified
2024-08-20T20:58:39.031595Z
Summary
HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault
Details
HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault
References
https://github.com/advisories/GHSA-hwc3-3qh6-r4gg
https://nvd.nist.gov/vuln/detail/CVE-2023-0665
https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1
https://security.netapp.com/advisory/ntap-20230526-0008
Affected packages
Go
/
github.com/hashicorp/vault
Package
Name
github.com/hashicorp/vault
View open source insights on deps.dev
Purl
pkg:golang/github.com/hashicorp/vault
Affected ranges
Type
SEMVER
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1.11.9
Introduced
1.12.0
Fixed
1.12.5
Introduced
1.13.0
Fixed
1.13.1
GO-2023-1708 - OSV